Bug 451960
| Summary: | mod_nss no longer starts | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Thomas Sailer <fedora> |
| Component: | mod_nss | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8 | CC: | kengert, sweigand |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | mod_nss-1.0.7-4.fc8 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-06-19 02:51:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
And yes, downgrading to nss-3.11.7-10.fc8, nss-devel-3.11.7-10.fc8, and nss- functionality. changing component to mod_nss Thomas, can you try this build: http://koji.fedoraproject.org/koji/taskinfo?taskID=669540 with: mod_nss-1.0.7-3.fc8 nss-3.12.0.3-0.8.1.fc8 I get the following in /var/log/httpd/error_log: [Thu Jun 19 00:47:40 2008] [error] NSS_Initialize failed. Certificate database:/etc/httpd/alias. [Thu Jun 19 00:47:40 2008] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED i.e. does not work. nss-3.11.7-10.fc8 & mod_nss-1.0.7-3.fc8 does not work either. mod_nss-1.0.7-2.fc8 & nss-3.11.7-10.fc8 works. This is probably a permissions issue. The NSS database now needs to be readable by the user apache (the default user of httpd). /etc/httpd/alias/*.db should be owned by root:apache and mode 0640 I missed updating that in the .spec file. A new spin will be coming soon but chmod and chgrp should get you going again. Checking in mod_nss.spec; /cvs/extras/rpms/mod_nss/F-8/mod_nss.spec,v <-- mod_nss.spec new revision: 1.9; previous revision: 1.8 done mod_nss-1.0.7-4.fc8 has been submitted as an update for Fedora 8 Indeed, it was the permissions issue. It now works, thanks. mod_nss-1.0.7-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. FYI: I applied Release 6 of RHEL5 this morning and had the permissions error happen. You might want to either watch bug 669963 or file a new bug. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (compatible; Konqueror/4.0; Linux) KHTML/4.0.5 (like Gecko) Fedora/4.0.5-2.fc9 Description of problem: SSL with my apache httpd (configured to use mod_nss) no longer works since this update. It worked before. The certificate database was created by the IPA installation script roughly half a year ago. It seems to be ok: # certutil -L -d /etc/httpd/alias/ Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI CA certificate CT,,C Server-Cert u,u,u Signing-Cert u,u,u # certutil -V -d /etc/httpd/alias/ -n "Server-Cert" -u V certutil: certificate is valid I can still connect using plain http. However, when I try to connect the webserver with https, I get the following in /var/log/httpd/error_log: [Wed Jun 18 14:19:57 2008] [error] SSL Library Error: -12215 MD5 digest function failed On the client side: $ curl -v https://xx.com/fedora/ * About to connect() to xx.com port 443 (#0) * Trying 192.168.1.2... connected * Connected to xx.com (192.168.1.2) port 443 (#0) * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -5938 * Closing connection #0 * SSL connect error curl: (35) SSL connect error Version-Release number of selected component (if applicable): nss-3.12.0.3-0.8.1.fc8 How reproducible: Always Steps to Reproduce: 1.Install IPA server 2.Try to connect it using https Actual Results: SSL connect error Expected Results: IPA GUI should be displayed. Additional info: